Ploutus ATM Malware Case Study: Automated Deobfuscation of a Strongly Obfuscated .NET Binary
2021-11-14 23:17:42 Author: www.reddit.com

I'm surprised that they did not use available tools to defeat .NET Reactor. Perhaps they wanted to perform the deobfuscation in the most static way possible?

The whole body encryption that they mention could be defeated by dumping the bytes after compileMethod is reached.

The other challenges that .NET Reactor presents are relatively trivial considering that they barely add any CFG complexity to their method obfuscation techniques.

Either way, it's a cool blog post and I'd love to see more examples from CS in the future.


Source: https://www.reddit.com/r/ReverseEngineering/comments/qtqpv3/ploutus_atm_malware_case_study_automated/